Option 1: Generate Keys in the Command Line
Windows 10 has had a built-in OpenSSH client since the April 2018 update. Windows 11 also comes with this feature built-in.
To use it open the Windows Command Prompt by hitting the Windows key and typing “cmd”.
Whether you use Command Prompt or Windows Terminal, type ssh-keygen
and hit Enter. This will automatically generate the SSH keys. In our tests on Windows 11, it created a 2048-bit RSA key. If you’d like to use a different algorithm—GitHub recommends Ed25519, for example—then you’d type ssh-keygen -t ed25519
.
After you type your command hit Enter, and then you’ll be prompted to give your key a name and save it in a specific location. If you use the defaults then it will save your keys in C:\User[YourUserName].ssh
—assuming the C drive is where your user account is stored.
Next, you’ll be asked to enter a passphrase. We highly recommend you do this to keep your key secure.
That’s it your keys are created, saved, and ready for use. You will see you have two files in your “.ssh” folder: “id_rsa” with no file extension and “id_rsa.pub.” The latter is the key you upload to servers to authenticate while the former is the private key that you don’t share with others.
If you wanted to create multiple keys for different sites that’s easy too. Say, for example, you wanted to use the default keys we just generated for a server you have on Digital Ocean, and you wanted to create another set of keys for GitHub. You’d follow the same process as above, but when it came time to save your key you’d just give it a different name such as “id_rsa_github” or something similar. You can do that as many times as you like. Just remember that the more keys you have, the more keys you have to manage. When you upgrade to a new PC you need to move those keys with your other files or risk losing access to your servers and accounts, at least temporarily.
Option 2: Generate Keys in WSL
If you’re a WSL user, you can use a similar method with your WSL install. In fact, it’s basically the same as with the Command Prompt version. Why would you want to do this? If you primarily live in Linux for command line duties then it just makes sense to keep your keys in WSL.
Open up Windows Terminal or the built-in Ubuntu command prompt (assuming you installed Ubuntu Linux). Then it’s very similar to Windows. Unlike Windows, it’s best to specify whether you want an RSA key or something like Ed25519.
Say you wanted to create an RSA-4096 key. You’d type in the following command:
ssh-keygen -t rsa -b 4096
If you wanted Ed25519 then the recommended way is as follows:
ssh-keygen -t ed25519 -C "your@email.address"
It’s recommended to add your email address as an identifier, though you don’t have to do this on Windows since Microsoft’s version automatically uses your username and the name of your PC for this.
Again, to generate multiple keys for different sites just tag on something like “_github” to the end of the filename.
Option 3: Generate Keys With PuTTY
For years, the old school PuTTY program was a popular way to communicate with a server in Windows. If you’ve already got this program on your system it also offers a method for creating SSH keys.
PuTTY comes with a number of helper programs, one of which is called the PuTTY Key Generator. To open that either search for it by hitting the Windows Key and typing “puttygen,” or searching for it in the Start menu.
Once it’s open, at the bottom of the window you’ll see the various types of keys to generate. If you’re not sure which to use, select “RSA” and then in the entry box that says “Number Of Bits In A Generated Key” type in “4096.” Another alternative is to select “EdDSA,” and then from the drop-down menu that appears below it make sure “Ed25519 (255 bits)” is selected.
Now, all you have to do is click “Generate,” and PuTTY will start working. This shouldn’t take too long depending on the strength of your system, and PuTTy will ask you to move your mouse around inside the window to help create a little more randomness during key generation.
Once that’s done click “Save Public Key” to save your public key, and save it where you want with the name “id_rsa.pub” or “id_ed25519.pub” depending on whether you selected RSA or Ed25519 in the earlier step.
Then to get your private key it takes an extra step. By default, PuTTY generates PPK keys for use with the PuTTy client. If you want OpenSSH, however, at the top of the window select Conversions > Export OpenSSH Key and then save the file as “id_rsa” or “id_ed25519” with no file ending.
Generating SSH keys is really easy whichever method you choose. We’d recommend going with the Windows Command Prompt option unless you already have PuTTY installed, or prefer Linux and understand that system.
No comments:
Post a Comment